First of all, we’re not talking about hitting anyone with a bunch of sandwiches. The DeFi landscape offers various innovative features and solutions, but it also has a steep learning curve and is full of scams, attacks, and rug pulls.
So, today, we’ll explain a particular kind of DeFi attack known as the sandwich attack. Let’s begin.
What is a Sandwich Attack?
To understand sandwich attacks and how they work, we first need to understand a few terms. The first is price slippage, which can be defined as the change in the price of an asset during a trade. In the context of decentralized finance, whenever you trade on a DEX such as Uniswap, you’ll notice the price slippage mentioned under the swap button.
To understand sandwich attacks, we also need to take a step back and remind ourselves of the concept of automated market makers, a.k.a. AMMs. To get a better grasp of the concept, head to our explainer: What are Automated Market Makers?
In our AMM explainer blog post, we saw how AMMs use a constant product formula, with the algorithm automatically setting the prices of assets according to demand and supply after every trade.
In essence, the price of an asset can substantially increase or decrease with a single big trade. That’s what sandwich attackers take advantage of, by sandwiching a big transaction: simultaneously front-running and back-running it.
So, Here’s How A Sandwich Attack Works
Let’s understand the working of a sandwich attack in a step-by-step scenario:
- The attacker detects the victim’s transaction in the mempool.
- They front-run the victim’s transaction by attaching a higher transaction fee, thus ensuring the attacker’s transaction gets executed before the victim’s.
- The victim’s transaction gets executed and suffers higher slippage: the victim pays more for the asset than expected, because the attacker’s transaction has already pushed the price of the asset up.
- The attacker then back-runs the victim and makes a profit.
- This completes the sandwich attack: the victim’s transaction is sandwiched between the attacker’s two transactions.
For example, suppose a victim wants to swap her USDC for ETH. The attacker will front-run the victim’s transaction with the same swap (swapping USDC for ETH), thus increasing the price of ETH. Now, the victim will end up paying more USDC for the ETH, with higher price slippage. Once the victim’s transaction is executed, the attacker will swap their ETH back to USDC and make a profit.
It’s worth noting that the attacker can only make a profit when the transaction amount is big enough since the transaction costs on the Ethereum network can be really high.
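To put numbers on the USDC/ETH example and the point about transaction costs, here is an added simulation (not code from any DEX or from this post) that measures how much ETH the victim loses and whether the sandwich still pays off after costs. The pool sizes, the 0.3% swap fee, the trade sizes and the gas cost are constructed values for illustration only.

```python
# Constructed example: constant-product pool (x * y = k) with a swap fee.
# All amounts below are made-up illustration values, not market data.
from dataclasses import dataclass

FEE = 0.003  # assumed swap fee, deducted from the input amount

@dataclass
class Pool:
    usdc: float
    eth: float

    def swap_usdc_for_eth(self, usdc_in: float) -> float:
        """Sell USDC into the pool; return the ETH received."""
        effective = usdc_in * (1 - FEE)
        eth_out = self.eth * effective / (self.usdc + effective)
        self.usdc += usdc_in
        self.eth -= eth_out
        return eth_out

    def swap_eth_for_usdc(self, eth_in: float) -> float:
        """Sell ETH into the pool; return the USDC received."""
        effective = eth_in * (1 - FEE)
        usdc_out = self.usdc * effective / (self.eth + effective)
        self.eth += eth_in
        self.usdc -= usdc_out
        return usdc_out

def sandwich_outcome(victim_usdc, front_run_usdc, gas_cost_usdc,
                     pool_usdc=2_000_000.0, pool_eth=1_000.0):
    """Return (ETH the victim loses vs. a clean swap, attacker net USDC)."""
    # Baseline: the victim trades alone against an untouched pool.
    fair_eth = Pool(pool_usdc, pool_eth).swap_usdc_for_eth(victim_usdc)

    pool = Pool(pool_usdc, pool_eth)
    attacker_eth = pool.swap_usdc_for_eth(front_run_usdc)  # front-run raises ETH price
    victim_eth = pool.swap_usdc_for_eth(victim_usdc)       # victim fills at worse price
    attacker_usdc = pool.swap_eth_for_usdc(attacker_eth)   # back-run sells into it

    victim_shortfall = fair_eth - victim_eth
    attacker_net = attacker_usdc - front_run_usdc - gas_cost_usdc
    return victim_shortfall, attacker_net

if __name__ == "__main__":
    for victim in (1_000.0, 200_000.0):
        loss, net = sandwich_outcome(victim, 100_000.0, 100.0)
        print(f"victim {victim:,.0f} USDC: {loss:.4f} ETH less, attacker net {net:,.2f} USDC")
```

With these constructed numbers, the 1,000 USDC swap leaves the attacker at a loss once swap fees and gas are paid, while the 200,000 USDC swap costs the victim several ETH and is profitable to sandwich.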
Now, the question arises: how can you be safe from such attacks? Unfortunately, you can’t really do anything about it as a user, unless the decentralized exchange (DEX) or the given DeFi platform develops a countermeasure to such attacks. Since the DeFi landscape is innovating at a massive scale, hopefully we’ll have a countermeasure for such attacks real soon.